| inferno-chromium | a660ca3 | 2016-11-23 08:35:07 -0800 | [diff] [blame] | 1 | # OSS-Fuzz - Continuous Fuzzing for Open Source Software |
| Mike Aizatsky | 3986fa3 | 2016-09-14 09:44:10 -0700 | [diff] [blame] | 2 | |
| Kostya Serebryany | 1250af6 | 2016-11-21 13:48:02 -0800 | [diff] [blame] | 3 | ## Introduction |
| Mike Aizatsky | 8f24df7 | 2016-10-25 14:31:45 -0700 | [diff] [blame] | 4 | |
| 5 | [Fuzz testing](https://en.wikipedia.org/wiki/Fuzz_testing) is a well-known |
| Kostya Serebryany | b2f73b2 | 2016-11-18 16:50:54 -0800 | [diff] [blame] | 6 | technique for uncovering various kinds of programming errors in software. |
| inferno-chromium | a660ca3 | 2016-11-23 08:35:07 -0800 | [diff] [blame] | 7 | Many of these detectable errors (e.g. [buffer overflow](https://en.wikipedia.org/wiki/Buffer_overflow)) can have serious security implications. |
| Mike Aizatsky | 8f24df7 | 2016-10-25 14:31:45 -0700 | [diff] [blame] | 8 | |
| jonathanmetzman | 9a6cb17 | 2019-02-07 17:54:49 -0800 | [diff] [blame] | 9 | We successfully deployed |
| Kostya Serebryany | b48c72b | 2016-11-18 16:47:25 -0800 | [diff] [blame] | 10 | [guided in-process fuzzing of Chrome components](https://security.googleblog.com/2016/08/guided-in-process-fuzzing-of-chrome.html) |
| inferno-chromium | a660ca3 | 2016-11-23 08:35:07 -0800 | [diff] [blame] | 11 | and found [hundreds](https://bugs.chromium.org/p/chromium/issues/list?can=1&q=label%3AStability-LibFuzzer+-status%3ADuplicate%2CWontFix) of security vulnerabilities and stability bugs. We now want to share the experience and the service with the open source community. |
| Mike Aizatsky | 8f24df7 | 2016-10-25 14:31:45 -0700 | [diff] [blame] | 12 | |
| inferno-chromium | a660ca3 | 2016-11-23 08:35:07 -0800 | [diff] [blame] | 13 | In cooperation with the [Core Infrastructure Initiative](https://www.coreinfrastructure.org/), |
| 14 | OSS-Fuzz aims to make common open source software more secure and stable by |
| Kostya Serebryany | b48c72b | 2016-11-18 16:47:25 -0800 | [diff] [blame] | 15 | combining modern fuzzing techniques and scalable |
| 16 | distributed execution. |
| 17 | |
| Florian Mayer | 834c12d | 2018-12-11 22:31:51 +0000 | [diff] [blame] | 18 | We support [libFuzzer](http://llvm.org/docs/LibFuzzer.html) and [AFL](http://lcamtuf.coredump.cx/afl/) as fuzzing engines |
| 19 | in combination with [Sanitizers](https://github.com/google/sanitizers). |
| Abhishek Arya | cf4af86 | 2019-08-07 07:37:16 -0700 | [diff] [blame] | 20 | [ClusterFuzz](https://google.github.io/oss-fuzz/furthur-reading/clusterfuzz) |
| jonathanmetzman | 9a6cb17 | 2019-02-07 17:54:49 -0800 | [diff] [blame] | 21 | provides a distributed fuzzer execution environment and reporting. You can |
| 22 | checkout ClusterFuzz [here](https://github.com/google/clusterfuzz). |
| Mike Aizatsky | 8f24df7 | 2016-10-25 14:31:45 -0700 | [diff] [blame] | 23 | |
| Kostya Serebryany | 229ffae | 2016-12-02 20:41:47 -0800 | [diff] [blame] | 24 | Currently OSS-Fuzz supports C and C++ code (other languages supported by [LLVM](http://llvm.org) may work too). |
| 25 | |
| Abhishek Arya | cf4af86 | 2019-08-07 07:37:16 -0700 | [diff] [blame] | 26 | ## Documentation |
| 27 | You can find detailed documentation [here](https://google.github.io/oss-fuzz). |
| Max Moroz | aa9c257 | 2018-12-11 13:56:48 -0800 | [diff] [blame] | 28 | |
| Oliver Chang | 9e0c143 | 2016-10-25 20:44:34 -0700 | [diff] [blame] | 29 | ## Trophies |
| Abhishek Arya | cf4af86 | 2019-08-07 07:37:16 -0700 | [diff] [blame] | 30 | As of August 2019, OSS-Fuzz has found [~14,000] bugs in over [200] open source |
| 31 | projects. |
| Mike Aizatsky | 2681964 | 2016-10-06 14:02:52 -0700 | [diff] [blame] | 32 | |
| Abhishek Arya | cf4af86 | 2019-08-07 07:37:16 -0700 | [diff] [blame] | 33 | [~14,000]: https://bugs.chromium.org/p/oss-fuzz/issues/list?can=1&q=-status%3AWontFix%2CDuplicate+-Infra |
| 34 | [200]: https://github.com/google/oss-fuzz/tree/master/projects |
| Mike Aizatsky | 2681964 | 2016-10-06 14:02:52 -0700 | [diff] [blame] | 35 | |
| Abhishek Arya | cf4af86 | 2019-08-07 07:37:16 -0700 | [diff] [blame] | 36 | ## Blog posts |
| 37 | |
| 38 | * 2016-12-01 ([1](https://opensource.googleblog.com/2016/12/announcing-oss-fuzz-continuous-fuzzing.html), |
| 39 | [2](https://testing.googleblog.com/2016/12/announcing-oss-fuzz-continuous-fuzzing.html), |
| 40 | [3](https://security.googleblog.com/2016/12/announcing-oss-fuzz-continuous-fuzzing.html)) |
| 41 | * 2017-05-08 ([1](https://opensource.googleblog.com/2017/05/oss-fuzz-five-months-later-and.html), |
| 42 | [2](https://testing.googleblog.com/2017/05/oss-fuzz-five-months-later-and.html), |
| 43 | [3](https://security.googleblog.com/2017/05/oss-fuzz-five-months-later-and.html)) |
| 44 | * 2018-11-06 ([1](https://security.googleblog.com/2018/11/a-new-chapter-for-oss-fuzz.html)) |
| 45 | |
| 46 | |